
Shell Script

I guess this is not quite a security question, but sort of is. For NESSUS you have to run "nessusd -D" which requires root. I am the only one on my computer so I do not want to have to "su -" every time I want to use NESSUS so I was trying to write a shell script, but I am not sure how to do it so that it allows for either root to run "nessusd -D." I do realize it may not be the safest thing, but if you have any ideas those are welcome as well. Here's my script.


This is only a slightly better idea than putting your root password in a script, but if you are bound and determined...

I am not a big user of nessus, so I do not know if the owner or group of nessus is already important to it, so this may screw up something, but not so that you cannot recover from it by reversing the steps you take. Make sure you record detailed information about the nessus command/file before you modify anything, like owner, group, exact permissions, etc.

ls -l nessus > nessus-permisions-before-change

will do that for ya....

Now,

Look up SUID.

Make sure that root is the owner of the nessus command, and add yourself to a group that has ownership on the nessus command. Make sure that nobody but the owner and the group can execute the command. Then set the SUID bit on the file. You probably want to look that up so that you can see what it is all about, but here are quick and dirty commands.

cd /wherever/nessus/lives
ls -l nessus              # find out who owner and group are
chown root nessus         # if the owner is not already root
chgrp somegroup nessus    # change group ownership to somegroup, you must be a member of somegroup
chmod 550 nessus          # make sure that only owner and group can execute nessus
chmod u+s nessus          # this sets the file nessus to SUID, which means execute with the permissions of the owner of the file, for executables anyway

Perhaps not the most secure thing. I do not know if there are any vulnerabilities in nessus which could be exploited while it is running as root this way, but if you are bound and determined to not have to enter your root password every time, this way should work.
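As an added example (not part of either post), the "record the permissions first" and "only owner and group can execute" steps above can be checked mechanically. The helper names `perm_snapshot`, `suid_state` and `demo` are hypothetical, and the file it operates on is a constructed stand-in in a temporary directory, not a real nessus binary.

```shell
#!/bin/sh
# Added example: snapshot and verify permissions around a SUID change.

# Print "modestring owner group" for a file, as ls -l reports it.
# substr() drops the trailing "." or "+" some systems append to the mode.
perm_snapshot() {
    ls -ld -- "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# Classify the mode string. Prints one of:
#   ok            SUID set with owner execute, nothing granted to others
#   no-suid       SUID bit is not set
#   suid-noexec   SUID set but owner execute missing (ls shows a capital S)
#   world-access  others have some permission on the file
suid_state() {
    mode=$(perm_snapshot "$1" | cut -d' ' -f1)
    owner_x=$(printf '%s' "$mode" | cut -c4)    # owner execute slot
    other=$(printf '%s' "$mode" | cut -c8-10)   # permissions for others
    case "$owner_x" in
        s) ;;
        S) echo suid-noexec; return 1 ;;
        *) echo no-suid; return 1 ;;
    esac
    [ "$other" = "---" ] || { echo world-access; return 1; }
    echo ok
}

# Walk the sequence from the post on the stand-in file.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/fake-nessus"                  # constructed stand-in
    printf '#!/bin/sh\n' > "$f"
    perm_snapshot "$f" > "$dir/before"    # keep this to reverse the change
    chmod 550 "$f"
    chmod u+s "$f"
    state=$(suid_state "$f")
    rm -rf "$dir"
    echo "$state"
}

demo
```

In `ls -l` output a lowercase `s` in the owner execute slot means SUID plus execute, while a capital `S` means the SUID bit is set on a file the owner cannot execute, which is usually a mistake.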